Details:
Iptools is a popular set of tiny TCP/IP utilities implemented as Perl scripts. It includes a minimalist webserver, a remote command server along the lines of Telnet, a TFTP server/client, an SNMP browser, etc. The toolset has been reported to contain a denial of service (DoS) vulnerability, specifically within its remote command server script, rcmd.

The vulnerable utility receives user-supplied input through its listening port, TCP/23, and tests it against a set of weak sanitization checks. The input is then used as the EXPR parameter of the internal chdir function, which parses it as a filename reference. Since this parameter could reference a string of unbounded length, the directory change operation could generate an untrappable exception. This flaw could make the vulnerable utility unstable, effectively terminating the Perl interpreter abnormally and leading to the DoS condition. The following code snippet depicts where the vulnerability could have been introduced within the rcmd script:

    chop($curdir=`cd`);
    print NS "$curdir> ";
    while (<NS>) {
        print "Client request : ";
        print;
        CASE: {
            # "cd <dir>": everything after "cd " becomes the chdir argument,
            # with only the CRLF removed and no length check
            /cd / && do {
                $dir=$';
                $dir=~s/\015\012//;
                print $dir if $debug;
                chdir "$dir" || print NS "Invalid directory\015\012" ;
                last CASE;
            };
            # "<letter>:": drive change, also passed straight to chdir
            /^(\b)*(.:)/ && do {
                $drive=$2;
                print "driver:[$drive]" if $debug;
                chdir "$drive" || print NS "Invalid drive\015\012" ;
                last CASE;
            };

An official confirmation and software updates are currently unavailable. Users are requested to avoid using the vulnerable utility until official fixes are released. As a workaround, users could consider introducing restrictive firewall policies that prohibit unnecessary access to the vulnerable script from unauthorized sources.
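For anyone maintaining a local copy of the script, the sketch below shows a bounded, anchored form of the `cd` handler. It is an added example, not code from Iptools or its author; the names `parse_cd_request`, `handle_cd` and `MAX_DIR_LEN`, and the 260-character limit, are assumptions, since the advisory gives no length threshold.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed bound (not from the advisory): 260 mirrors the classic Windows MAX_PATH.
use constant MAX_DIR_LEN => 260;

# Hypothetical helper: returns the validated directory argument, or undef.
sub parse_cd_request {
    my ($line) = @_;
    return unless defined $line;
    # Reject oversized requests before any pattern matching or copying.
    return if length($line) > MAX_DIR_LEN + 16;
    $line =~ s/\015?\012\z//;                     # strip one trailing CRLF or LF
    # Anchored match: the original /cd / fires on "cd " anywhere in the line.
    return unless $line =~ /\Acd\s+(.+)\z/s;
    my $dir = $1;
    return if length($dir) > MAX_DIR_LEN;
    return if $dir =~ /[\x00-\x1f]/;              # no NUL or other control bytes
    return $dir;
}

# Hypothetical handler: $out is the client socket handle (NS in the original).
sub handle_cd {
    my ($out, $line) = @_;
    my $dir = parse_cd_request($line);
    if (!defined $dir || !-d $dir) {
        print {$out} "Invalid directory\015\012";
        return 0;
    }
    # Low-precedence "or": with "||" the error branch binds to the string
    # argument instead of to the result of chdir.
    chdir($dir) or do { print {$out} "Invalid directory\015\012"; return 0; };
    return 1;
}

# Constructed sample requests: a normal one, an oversized one, one with a NUL.
my @requests = (
    "cd /\015\012",
    "cd " . ("A" x 70000) . "\015\012",
    "cd a\x00b\015\012",
);
for my $req (@requests) {
    my $ok = handle_cd(\*STDOUT, $req);
    printf "%-5s request_len=%d\n", ($ok ? "ok" : "deny"), length $req;
}
```

The same length and character checks apply to the drive-change branch, which passes `$drive` to chdir in the same way.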